Subscription to the full report on a daily basis can be obtained:
Send an email to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body: subscribe.
To obtain a complete copy of the current report, proceed to the DHS link below.
To obtain reports more than 10 business days old, send an email to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

· Check Point Software researchers identified a security hole in unpatched versions of eBay’s Magento e-commerce platform that can be exploited to gain access to databases containing customers’ financial and personal information. – Securityweek
See item 2 below in the Financial Services Sector

· The U.S. Department of Agriculture announced April 20 that about 5.3 million hens at a commercial egg-laying facility in Osceola County, Iowa, must be culled as a precaution after a strain of bird flu was detected in the flock. – Des Moines Register

6. April 21, Des Moines Register – (Iowa) 5.3 million Iowa laying hens to be destroyed in bird flu outbreak. The U.S. Department of Agriculture announced April 20 that about 5.3 million laying hens at an Osceola County commercial egg-laying facility must be culled as a precaution after a strain of bird flu was detected in the flock. More than 2.6 million additional birds have been killed as a result of the bird flu, which has been confirmed at more than 50 sites across at least 8 States, including Wisconsin where a state of emergency was declared over the outbreak. Source: http://www.desmoinesregister.com/story/money/agriculture/2015/04/20/avian-flu-chicken-eggs/26094811/

· Blue Bell Creameries recalled April 20 all of its products currently on the market in 23 U.S. States and abroad due to an ongoing Listeria outbreak that has sickened at least 10 individuals, including 3 people who died from infection. – Food Safety News

7. April 21, Food Safety News – (International) CDC Reports Two More Cases in Listeria Outbreak. Texas-based Blue Bell Creameries issued a voluntary recall April 20 for all of its products currently on the market in 23 U.S. States and abroad due to an ongoing Listeria outbreak that has been connected to several of the company’s plants. The U.S. Centers for Disease Control and Prevention reported 2 new cases that are linked to Blue Bell products April 21, increasing the case count to 10, including 3 cases that resulted in death. Source: http://www.foodsafetynews.com/2015/04/blue-bell-recalls-all-products-made-in-all-company-facilities

· An underground cable issue sparked a transformer explosion that damaged the Suburban Building and nearby businesses in Radnor Township, Pennsylvania, April 20, and prompted Philadelphia Electric Company crews to cut power to about 80 customers including 14 businesses. – Norristown Times Herald

25. April 21, Norristown Times Herald – (Pennsylvania) Transformer explosion in Radnor Township shatters, closes storefronts. An underground cable issue sparked a transformer explosion that shattered windows at the Suburban Building and nearby businesses in Radnor Township April 20, and prompted Philadelphia Electric Company crews to cut power to about 80 customers including 14 businesses. Some businesses remained closed April 21, while crews expected to restore service to all customers later that day. Source: http://www.timesherald.com/general-news/20150421/transformer-explosion-in-radnor-township-shatters-closes-storefronts

For another story, see item 24 below in the Information Technology Sector

Information Technology Sector

19. April 21, Softpedia – (International) Highly popular WordPress plugins vulnerable to XSS attacks. A security researcher from Scrutinizer discovered an issue with two coding functions used in many content management system (CMS) plugins created by WordPress developers that could allow attackers to run cross-site scripting (XSS) attacks and access sensitive areas of affected Web sites. The vulnerability was a result of improper documentation regarding external users’ ability to run commands via the functions. Source: http://news.softpedia.com/news/At-Least-17-Popular-WordPress-Plugins-Vulnerable-to-XSS-Attacks-478968.shtml

20. April 21, Softpedia – (International) iOS apps from developers vulnerable to HTTPS data decryption. Research from SourceDNA revealed that almost 1,000 iOS apps are vulnerable to a security flaw in build 2.5.1 of open source AFNetworking that disables secure sockets layer (SSL) certificate validation, which could allow attackers to carry out man-in-the-middle (MitM) attacks and read encrypted information in plain text. The flaw was patched in late March, but many developers have not yet integrated the updated code. Source: http://news.softpedia.com/news/iOS-Apps-from-Developers-Vulnerable-to-HTTPS-Data-Decryption-478951.shtml

21. April 21, Softpedia – (International) Fake antivirus delivered to users in the US via Fiesta exploit kit. Security researchers at Trend Micro discovered that cybercriminals have switched the payload delivered via the Fiesta exploit kit (EK) from crypto-malware such as TeslaCrypt to a fake antivirus program called “Antivirus Pro 2015” that disables Windows tools and software that could deactivate it, before requiring users to pay to remove the infection. Researchers reported that Fiesta EK distributors targeted the U.S. more than any other country in March. Source: http://news.softpedia.com/news/Fake-Antivirus-Delivered-to-Users-in-the-US-via-Fiesta-Exploit-Kit-478933.shtml

22. April 21, Help Net Security – (International) New fileless malware found in the wild. Security researchers at Trend Micro discovered that a new fileless malware, dubbed Phasebot, uses Microsoft Windows PowerShell to evade detection and run components hidden in the Windows registry, contains an external module loader to add and remove functionalities on infected systems, and can execute numerous routines per the instruction of the bot administrator. Source: http://www.net-security.org/malware_news.php?id=3021

23. April 20, Softpedia – (International) New ransomware “Threat Finder” delivered by Angler exploit kit. Security researchers at Rackspace discovered that a new piece of crypto-malware called Threat Finder has been distributed in drive-by attacks via Bedep malware downloaded by the Angler exploit kit (EK). The crypto-malware encrypts important file types including documents, media files, and database formats before asking affected users for bitcoin in exchange for the decryption key. Source: http://news.softpedia.com/news/New-Ransomware-Threat-Finder-Delivered-by-Angler-Exploit-Kit-478881.shtml

24. April 20, IDG News Service – (International) Pushdo spamming botnet gains strength again. Security researchers at Fidelis Cybersecurity reported that an updated version of the Pushdo botnet has infected systems in over 50 countries with the Fareit and Cutwail malware as well as the Dyre and Zeus banking trojans. The spamming botnet has been in operation since 2007 due to its frequently changing command and control (C&C) system that generates 30 domain names a day that infected computers can contact. Source: http://www.networkworld.com/article/2912533/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_all

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"